The PostgreSQL project today is releasing the following patch versions,
which fix three different crash vulnerabilities as well as an assortment
of minor issues. Users of all PostgreSQL versions are urged to upgrade
at the earliest opportunity.
The versions being released are: 8.1.5, 8.0.9, 7.4.14, 7.3.16. These are
cumulative patch releases which simply replace the PostgreSQL binaries for
major versions 8.1, 8.0, 7.4 and 7.3. Note that users of versions 7.4.0,
7.4.1, 8.0.0 and 8.0.1 may have to take additional steps in the course of
upgrading -- see the release notes for details.
Release Notes: http://developer.postgresql.org/pgdocs/postgres/release.html
Download at: http://www.postgresql.org/download
The three crash conditions are not considered critical vulnerabilities,
because all three require authenticated access to the database with the
ability to run ad-hoc queries, and none can be exploited for privilege
escalation. As a result, we have NOT filed a CVE for these issues.
Source for the patches is currently available, as well as binaries for
Windows and some distributions of Linux. Binaries for Solaris, other
Linuxes, and OSX should be obtained from the respective vendor.
--
--Josh Berkus
Josh Berkus
PostgreSQL Project Core Team
www.postgresql.org